Re: Authenticating Users via LDAP (Active Directory)

If any RADIUS servers are configured on the controller, the controller tries to authenticate the wireless clients using the RADIUS servers first. Local EAP is attempted only if no RADIUS servers are found, either because the RADIUS servers timed out or no RADIUS servers were configured. If four RADIUS servers are configured, the controller attempts to authenticate the client with the first RADIUS server, then the second RADIUS server, and then local EAP. If the client attempts to then reauthenticate manually, the controller tries the third RADIUS server, then the fourth RADIUS server, and then local EAP.

Re: Authenticating Users via LDAP (Active Directory)

Yes, you can use LDAP with no RADIUS. However, you should be aware of restrictions when using LDAP backend database authentication against LDAP. For instance, you will have to reconfigure your AD to return a clear-text password.

Re: Authenticating Users via LDAP (Active Directory)

RADIUS communications are hashed with the Shared Secret, which is a poor excuse for encryption, but it keeps user credentials from rolling around in clear text format. Seems like you ought to be able to use IPSec to tighten up the comm between the controller and the RADIUS box.
